General
-
Target
Wynntils.Mod.Installer-1.4.1.exe
-
Size
79.2MB
-
Sample
240221-v3arqscb9t
-
MD5
05195aa42a52658e1358ee87c71adde3
-
SHA1
cf25e3e6704314dbd47f6fe4c4f4459214b70eb4
-
SHA256
78330d547c0466f8a4c4ef26200315a188054fa86c7bc459feb9c5ad2b450b80
-
SHA512
fbc58e91c1478b5fe0369126974f9351bd7c7503b6801f6497f6651c649b0f8b48359300b30351141a79d2218c35d20327314153cb12219666c9bac4da45fd24
-
SSDEEP
1572864:FXMrfx66weJbgq2Mt8NrC0rUdEXdH0krPF6cn088d7:FXMrfx66weJbgOt8N+AUuNUoPVt8d
Malware Config
Targets
-
-
Target
Wynntils.Mod.Installer-1.4.1.exe
-
Size
79.2MB
-
MD5
05195aa42a52658e1358ee87c71adde3
-
SHA1
cf25e3e6704314dbd47f6fe4c4f4459214b70eb4
-
SHA256
78330d547c0466f8a4c4ef26200315a188054fa86c7bc459feb9c5ad2b450b80
-
SHA512
fbc58e91c1478b5fe0369126974f9351bd7c7503b6801f6497f6651c649b0f8b48359300b30351141a79d2218c35d20327314153cb12219666c9bac4da45fd24
-
SSDEEP
1572864:FXMrfx66weJbgq2Mt8NrC0rUdEXdH0krPF6cn088d7:FXMrfx66weJbgOt8N+AUuNUoPVt8d
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-